Edit tour

Windows Analysis Report
https://reserves-page.com/evquyjaw

Overview

General Information

Sample URL:	https://reserves-page.com/evquyjaw
Analysis ID:	1589676
Infos:

Detection

HTMLPhisher

Score:	64
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Yara detected BlockedWebSite

Classification

Process Tree

System is w10x64

chrome.exe (PID: 3704 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3940 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 --field-trial-handle=2220,i,7323484820742791513,8664641761319744248,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6892 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://reserves-page.com/evquyjaw" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
dropped/chromecache_43	JoeSecurity_BlockedWebSite	Yara detected BlockedWebSite	Joe Security

HTML

Source	Rule	Description	Author	Strings
1.0.pages.csv	JoeSecurity_BlockedWebSite	Yara detected BlockedWebSite	Joe Security
1.1.pages.csv	JoeSecurity_BlockedWebSite	Yara detected BlockedWebSite	Joe Security

HTTP traffic detected: POST /report/v4?s=4cw%2FiHr0XuECvea98csnAqPrFuFn99lGeepsU6BPTSomwHWxl%2FzdH%2BZYp5xo1EthJedJogRhvVyCkBOJZoJOZizNAMESrYpttUBA5g31cT1dMGAsSEFXj4a4IX1w%2B6PD5OKhTA%3D%3D HTTP/1.1Host: a.nel.cloudflare.comConnection: keep-aliveContent-Length: 393Content-Type: application/reports+jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic

HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 13 Jan 2025 00:01:42 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeX-Frame-Options: SAMEORIGINReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4cw%2FiHr0XuECvea98csnAqPrFuFn99lGeepsU6BPTSomwHWxl%2FzdH%2BZYp5xo1EthJedJogRhvVyCkBOJZoJOZizNAMESrYpttUBA5g31cT1dMGAsSEFXj4a4IX1w%2B6PD5OKhTA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 90111d00dd5d0fa8-EWR

Source: chromecache_43.2.dr	String found in binary or memory: https://www.cloudflare.com/5xx-error-landing
Source: chromecache_43.2.dr	String found in binary or memory: https://www.cloudflare.com/learning/access-management/phishing-attack/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: classification engine

Classification label: mal64.phis.win@16/7@8/7

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 --field-trial-handle=2220,i,7323484820742791513,8664641761319744248,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://reserves-page.com/evquyjaw"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 --field-trial-handle=2220,i,7323484820742791513,8664641761319744248,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://reserves-page.com/evquyjaw	100%	Avira URL Cloud	phishing

Source	Detection	Scanner	Label
https://reserves-page.com/favicon.ico	100%	Avira URL Cloud	phishing
https://reserves-page.com/cdn-cgi/images/icon-exclamation.png?1376755637	100%	Avira URL Cloud	phishing
https://reserves-page.com/cdn-cgi/styles/cf.errors.css	100%	Avira URL Cloud	phishing

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
bg.microsoft.map.fastly.net	199.232.214.172	true	false	high
a.nel.cloudflare.com	35.190.80.1	true	false	high
s-part-0017.t-0009.t-msedge.net	13.107.246.45	true	false	high
www.google.com	142.250.181.228	true	false	high
reserves-page.com	104.21.16.1	true	false	unknown
fp2e7a.wpc.phicdn.net	192.229.221.95	true	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://reserves-page.com/cdn-cgi/styles/cf.errors.css	false	Avira URL Cloud: phishing	unknown
https://reserves-page.com/cdn-cgi/images/icon-exclamation.png?1376755637	false	Avira URL Cloud: phishing	unknown
https://reserves-page.com/favicon.ico	false	Avira URL Cloud: phishing	unknown
https://reserves-page.com/evquyjaw	true		unknown
https://a.nel.cloudflare.com/report/v4?s=4cw%2FiHr0XuECvea98csnAqPrFuFn99lGeepsU6BPTSomwHWxl%2FzdH%2BZYp5xo1EthJedJogRhvVyCkBOJZoJOZizNAMESrYpttUBA5g31cT1dMGAsSEFXj4a4IX1w%2B6PD5OKhTA%3D%3D	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.cloudflare.com/learning/access-management/phishing-attack/	chromecache_43.2.dr	false		high
https://www.cloudflare.com/5xx-error-landing	chromecache_43.2.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.21.48.1	unknown	United States	13335	CLOUDFLARENETUS	false
104.21.16.1	reserves-page.com	United States	13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.181.228	www.google.com	United States	15169	GOOGLEUS	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4
192.168.2.6

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1589676
Start date and time:	2025-01-13 01:00:40 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 20s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://reserves-page.com/evquyjaw
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal64.phis.win@16/7@8/7
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.186.131, 142.250.184.206, 64.233.184.84, 216.58.206.46, 142.250.186.142, 142.250.186.174, 172.202.163.200, 199.232.214.172, 192.229.221.95, 40.69.42.241, 172.217.18.14, 142.250.184.238, 142.250.185.206, 142.250.186.46, 142.250.186.99, 216.58.206.78, 34.104.35.123, 184.28.90.27, 13.107.246.45
Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, otelrules.azureedge.net, otelrules.afd.azureedge.net, clientservices.googleapis.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, redirector.gvt1.com, ocsp.digicert.com, edgedl.me.gvt1.com, ocsp.edge.digicert.com, glb.cws.prod.dcat.dsp.trafficmanager.net, sls.update.microsoft.com, update.googleapis.com, azureedge-t-prod.trafficmanager.net, clients.l.google.com, wu-b-net.trafficmanager.net, glb.sls.prod.dcat.dsp.trafficmanager.net
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://reserves-page.com/evquyjaw

Input	Output
URL: https://reserves-page.com Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": false }
URL: https://reserves-page.com
URL: https://reserves-page.com/evquyjaw... Model: Joe Sandbox AI	{ "risk_score": 1, "reasoning": "This script checks if cookies are enabled in the user's browser and displays a cookie alert if they are not. This is a common practice to inform users about cookie usage and does not demonstrate any high-risk behaviors." }
if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElementById('cookie-alert'); cookieEl.style.display = 'block'; }) }
URL: https://reserves-page.com/evquyjaw Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Suspected Phishing", "prominent_button_name": "Learn More", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": true, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": true }

URL: https://reserves-page.com/evquyjaw Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Suspected Phishing", "prominent_button_name": "Learn More", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": true, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": true }

URL: https://reserves-page.com/evquyjaw Model: Joe Sandbox AI	{ "brands": "unknown" }
	{ "brands": "unknown" }
URL: https://reserves-page.com/evquyjaw Model: Joe Sandbox AI	{ "brands": [ "Cloudflare" ] }
	{ "brands": [ "Cloudflare" ] }

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (394)
Category:	downloaded
Size (bytes):	4553
Entropy (8bit):	5.040931842019254
Encrypted:	false
SSDEEP:	96:1j9jwIjYjUDK/D5DMF+BOiUAtsUZLmmprR89PaQxJbGD:1j9jhjYjIK/Vo+trdZ6mpre9ieJGD
MD5:	E04D56F30AF6DE41F0E7D869532343C0
SHA1:	1906C9A7AD1C4B102AD39590BEE13B6A0FA52C10
SHA-256:	76EA1E1698A41E058649A773B27AA65C48D8809A66ABEF74C64CB6F926AE91CD
SHA-512:	EC389983D0740DA8DAA641B2992B06A0CA74F3932A5EA87637C9CC6DB69E58BCAAFD97A626DD67A4211CE954DA215EEF7E8B223FEE59A235575BCE9B0F086615
Malicious:	false
Reputation:	low
URL:	https://reserves-page.com/evquyjaw
Preview:	<!DOCTYPE html>. [if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->. [if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->. [if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->. [if gt IE 8]> > <html class="no-js" lang="en-US"> <![endif]-->.<head>.<title>Suspected phishing site \| Cloudflare</title>.<meta charset="UTF-8" />.<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />.<meta http-equiv="X-UA-Compatible" content="IE=Edge" />.<meta name="robots" content="noindex, nofollow" />.<meta name="viewport" content="width=device-width,initial-scale=1" />.<link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/cf.errors.css" />. [if lt IE 9]><link rel="stylesheet" id='cf_styles-ie-css' href="/cdn-cgi/styles/cf.errors.ie.css" /><![endif]-->.<style>body{margin:0;padding:0}</style>... [if gte IE 10]> >.<script>. if (!navigator.cookieEnabled) {. window.addEventListener('DOMContentLoaded

Chrome Cache Entry: 44

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 54 x 54, 8-bit colormap, non-interlaced
Category:	downloaded
Size (bytes):	452
Entropy (8bit):	7.0936408308765495
Encrypted:	false
SSDEEP:	12:6v/7EljW8E6Cl2SYh8SZM4tf70FSDvMXDxJp6ScFChY9:U8hCl2SIdZBtAFSDUX/ozIhK
MD5:	C33DE66281E933259772399D10A6AFE8
SHA1:	B9F9D500F8814381451011D4DCF59CD2D90AD94F
SHA-256:	F1591A5221136C49438642155691AE6C68E25B7241F3D7EBE975B09A77662016
SHA-512:	5834FB9D66F550E6CECFE484B7B6A14F3FCA795405DECE8E652BD69AD917B94B6BBDCDF7639161B9C07F0D33EABD3E79580446B5867219F72F4FC43FD43B98C3
Malicious:	false
Reputation:	low
URL:	https://reserves-page.com/cdn-cgi/images/icon-exclamation.png?1376755637
Preview:	.PNG........IHDR...6...6............3PLTE.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?..".....tRNS.@0.`........ P.p`...../IDATx.....0...l..6....+...~yJ.F"....oE..L.3..[..i2..n.WyJ..z&.....F.......b....p~...\|:t5.m...fp.i./e....%.%...n.P...enV.....!...,.......E........t![HW.B.g.R.\^.e..o+........%.&-j..q...f@..o...]... ....u0.x..2K.+C..8.U.L.Y.[=.....y...o.tF..]M..U.,4..........a.>/.)....C3gNI.i...R.=....Q7..K......IEND.B`.

Chrome Cache Entry: 45

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 54 x 54, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	452
Entropy (8bit):	7.0936408308765495
Encrypted:	false
SSDEEP:	12:6v/7EljW8E6Cl2SYh8SZM4tf70FSDvMXDxJp6ScFChY9:U8hCl2SIdZBtAFSDUX/ozIhK
MD5:	C33DE66281E933259772399D10A6AFE8
SHA1:	B9F9D500F8814381451011D4DCF59CD2D90AD94F
SHA-256:	F1591A5221136C49438642155691AE6C68E25B7241F3D7EBE975B09A77662016
SHA-512:	5834FB9D66F550E6CECFE484B7B6A14F3FCA795405DECE8E652BD69AD917B94B6BBDCDF7639161B9C07F0D33EABD3E79580446B5867219F72F4FC43FD43B98C3
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...6...6............3PLTE.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?.E?..".....tRNS.@0.`........ P.p`...../IDATx.....0...l..6....+...~yJ.F"....oE..L.3..[..i2..n.WyJ..z&.....F.......b....p~...\|:t5.m...fp.i./e....%.%...n.P...enV.....!...,.......E........t![HW.B.g.R.\^.e..o+........%.&-j..q...f@..o...]... ....u0.x..2K.+C..8.U.L.Y.[=.....y...o.tF..]M..U.,4..........a.>/.)....C3gNI.i...R.=....Q7..K......IEND.B`.

Chrome Cache Entry: 46

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (24050)
Category:	downloaded
Size (bytes):	24051
Entropy (8bit):	4.941039417164537
Encrypted:	false
SSDEEP:	192:VuR/6okgTQwq23gGM8lUR9YRGQ2BwoX6zp+1+nDT1FvxKSI7/UsV7MSE6XZ2dKzk:JwV+oUcoQJpdf1dxKSI7/Ue7ZX2qk
MD5:	5E8C69A459A691B5D1B9BE442332C87D
SHA1:	F24DD1AD7C9080575D92A9A9A2C42620725EF836
SHA-256:	84E3C77025ACE5AF143972B4A40FC834DCDFD4E449D4B36A57E62326F16B3091
SHA-512:	6DB74B262D717916DE0B0B600EEAD2CC6A10E52A9E26D701FAE761FCBC931F35F251553669A92BE3B524F380F32E62AC6AD572BEA23C78965228CE9EFB92ED42
Malicious:	false
Reputation:	low
URL:	https://reserves-page.com/cdn-cgi/styles/cf.errors.css
Preview:	#cf-wrapper a,#cf-wrapper abbr,#cf-wrapper article,#cf-wrapper aside,#cf-wrapper b,#cf-wrapper big,#cf-wrapper blockquote,#cf-wrapper body,#cf-wrapper canvas,#cf-wrapper caption,#cf-wrapper center,#cf-wrapper cite,#cf-wrapper code,#cf-wrapper dd,#cf-wrapper del,#cf-wrapper details,#cf-wrapper dfn,#cf-wrapper div,#cf-wrapper dl,#cf-wrapper dt,#cf-wrapper em,#cf-wrapper embed,#cf-wrapper fieldset,#cf-wrapper figcaption,#cf-wrapper figure,#cf-wrapper footer,#cf-wrapper form,#cf-wrapper h1,#cf-wrapper h2,#cf-wrapper h3,#cf-wrapper h4,#cf-wrapper h5,#cf-wrapper h6,#cf-wrapper header,#cf-wrapper hgroup,#cf-wrapper html,#cf-wrapper i,#cf-wrapper iframe,#cf-wrapper img,#cf-wrapper label,#cf-wrapper legend,#cf-wrapper li,#cf-wrapper mark,#cf-wrapper menu,#cf-wrapper nav,#cf-wrapper object,#cf-wrapper ol,#cf-wrapper output,#cf-wrapper p,#cf-wrapper pre,#cf-wrapper s,#cf-wrapper samp,#cf-wrapper section,#cf-wrapper small,#cf-wrapper span,#cf-wrapper strike,#cf-wrapper strong,#cf-wrapper sub,#cf-w

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 13, 2025 01:01:40.642983913 CET	49738	443	192.168.2.4	142.250.181.228
Jan 13, 2025 01:01:40.643090010 CET	443	49738	142.250.181.228	192.168.2.4
Jan 13, 2025 01:01:40.643244028 CET	49738	443	192.168.2.4	142.250.181.228
Jan 13, 2025 01:01:40.645457983 CET	49738	443	192.168.2.4	142.250.181.228
Jan 13, 2025 01:01:40.645498037 CET	443	49738	142.250.181.228	192.168.2.4
Jan 13, 2025 01:01:41.290359020 CET	443	49738	142.250.181.228	192.168.2.4
Jan 13, 2025 01:01:41.290918112 CET	49738	443	192.168.2.4	142.250.181.228
Jan 13, 2025 01:01:41.290982008 CET	443	49738	142.250.181.228	192.168.2.4
Jan 13, 2025 01:01:41.292036057 CET	443	49738	142.250.181.228	192.168.2.4
Jan 13, 2025 01:01:41.292195082 CET	49738	443	192.168.2.4	142.250.181.228
Jan 13, 2025 01:01:41.583813906 CET	49738	443	192.168.2.4	142.250.181.228
Jan 13, 2025 01:01:41.584032059 CET	443	49738	142.250.181.228	192.168.2.4
Jan 13, 2025 01:01:41.638143063 CET	49738	443	192.168.2.4	142.250.181.228
Jan 13, 2025 01:01:41.638195992 CET	443	49738	142.250.181.228	192.168.2.4
Jan 13, 2025 01:01:41.685009956 CET	49738	443	192.168.2.4	142.250.181.228
Jan 13, 2025 01:01:41.980838060 CET	49740	443	192.168.2.4	104.21.16.1
Jan 13, 2025 01:01:41.980897903 CET	443	49740	104.21.16.1	192.168.2.4
Jan 13, 2025 01:01:41.980974913 CET	49740	443	192.168.2.4	104.21.16.1
Jan 13, 2025 01:01:41.981657982 CET	49741	443	192.168.2.4	104.21.16.1
Jan 13, 2025 01:01:41.981719017 CET	443	49741	104.21.16.1	192.168.2.4
Jan 13, 2025 01:01:41.981780052 CET	49741	443	192.168.2.4	104.21.16.1
Jan 13, 2025 01:01:41.986017942 CET	49741	443	192.168.2.4	104.21.16.1
Jan 13, 2025 01:01:41.986037970 CET	443	49741	104.21.16.1	192.168.2.4
Jan 13, 2025 01:01:41.986172915 CET	49740	443	192.168.2.4	104.21.16.1
Jan 13, 2025 01:01:41.986202002 CET	443	49740	104.21.16.1	192.168.2.4
Jan 13, 2025 01:01:42.448092937 CET	443	49740	104.21.16.1	192.168.2.4
Jan 13, 2025 01:01:42.448661089 CET	49740	443	192.168.2.4	104.21.16.1
Jan 13, 2025 01:01:42.448693991 CET	443	49740	104.21.16.1	192.168.2.4
Jan 13, 2025 01:01:42.449891090 CET	443	49740	104.21.16.1	192.168.2.4
Jan 13, 2025 01:01:42.449956894 CET	49740	443	192.168.2.4	104.21.16.1
Jan 13, 2025 01:01:42.457720041 CET	443	49741	104.21.16.1	192.168.2.4
Jan 13, 2025 01:01:42.475444078 CET	49740	443	192.168.2.4	104.21.16.1
Jan 13, 2025 01:01:42.475637913 CET	443	49740	104.21.16.1	192.168.2.4
Jan 13, 2025 01:01:42.475677013 CET	49740	443	192.168.2.4	104.21.16.1
Jan 13, 2025 01:01:42.475918055 CET	49741	443	192.168.2.4	104.21.16.1
Jan 13, 2025 01:01:42.475989103 CET	443	49741	104.21.16.1	192.168.2.4
Jan 13, 2025 01:01:42.476962090 CET	443	49741	104.21.16.1	192.168.2.4
Jan 13, 2025 01:01:42.477072001 CET	49741	443	192.168.2.4	104.21.16.1
Jan 13, 2025 01:01:42.480268955 CET	49741	443	192.168.2.4	104.21.16.1
Jan 13, 2025 01:01:42.480360985 CET	443	49741	104.21.16.1	192.168.2.4
Jan 13, 2025 01:01:42.519323111 CET	443	49740	104.21.16.1	192.168.2.4
Jan 13, 2025 01:01:42.528023005 CET	49740	443	192.168.2.4	104.21.16.1
Jan 13, 2025 01:01:42.528021097 CET	49741	443	192.168.2.4	104.21.16.1
Jan 13, 2025 01:01:42.528039932 CET	443	49740	104.21.16.1	192.168.2.4
Jan 13, 2025 01:01:42.528055906 CET	443	49741	104.21.16.1	192.168.2.4
Jan 13, 2025 01:01:42.575470924 CET	49740	443	192.168.2.4	104.21.16.1
Jan 13, 2025 01:01:42.576128960 CET	49741	443	192.168.2.4	104.21.16.1
Jan 13, 2025 01:01:42.581238031 CET	443	49740	104.21.16.1	192.168.2.4
Jan 13, 2025 01:01:42.581362963 CET	443	49740	104.21.16.1	192.168.2.4
Jan 13, 2025 01:01:42.581422091 CET	443	49740	104.21.16.1	192.168.2.4
Jan 13, 2025 01:01:42.581473112 CET	443	49740	104.21.16.1	192.168.2.4
Jan 13, 2025 01:01:42.581536055 CET	49740	443	192.168.2.4	104.21.16.1
Jan 13, 2025 01:01:42.581568956 CET	443	49740	104.21.16.1	192.168.2.4
Jan 13, 2025 01:01:42.581602097 CET	49740	443	192.168.2.4	104.21.16.1
Jan 13, 2025 01:01:42.581648111 CET	443	49740	104.21.16.1	192.168.2.4
Jan 13, 2025 01:01:42.581810951 CET	49740	443	192.168.2.4	104.21.16.1
Jan 13, 2025 01:01:42.585433006 CET	49740	443	192.168.2.4	104.21.16.1
Jan 13, 2025 01:01:42.585443020 CET	443	49740	104.21.16.1	192.168.2.4
Jan 13, 2025 01:01:42.603223085 CET	49742	443	192.168.2.4	35.190.80.1
Jan 13, 2025 01:01:42.603255033 CET	443	49742	35.190.80.1	192.168.2.4
Jan 13, 2025 01:01:42.603370905 CET	49742	443	192.168.2.4	35.190.80.1
Jan 13, 2025 01:01:42.605052948 CET	49742	443	192.168.2.4	35.190.80.1
Jan 13, 2025 01:01:42.605063915 CET	443	49742	35.190.80.1	192.168.2.4
Jan 13, 2025 01:01:42.639719963 CET	49741	443	192.168.2.4	104.21.16.1
Jan 13, 2025 01:01:42.687331915 CET	443	49741	104.21.16.1	192.168.2.4
Jan 13, 2025 01:01:42.740255117 CET	443	49741	104.21.16.1	192.168.2.4
Jan 13, 2025 01:01:42.740291119 CET	443	49741	104.21.16.1	192.168.2.4
Jan 13, 2025 01:01:42.740314007 CET	443	49741	104.21.16.1	192.168.2.4
Jan 13, 2025 01:01:42.740338087 CET	443	49741	104.21.16.1	192.168.2.4
Jan 13, 2025 01:01:42.740360022 CET	443	49741	104.21.16.1	192.168.2.4
Jan 13, 2025 01:01:42.740382910 CET	443	49741	104.21.16.1	192.168.2.4
Jan 13, 2025 01:01:42.740390062 CET	49741	443	192.168.2.4	104.21.16.1
Jan 13, 2025 01:01:42.740468979 CET	443	49741	104.21.16.1	192.168.2.4
Jan 13, 2025 01:01:42.740509033 CET	49741	443	192.168.2.4	104.21.16.1
Jan 13, 2025 01:01:42.740509033 CET	49741	443	192.168.2.4	104.21.16.1
Jan 13, 2025 01:01:42.744554996 CET	443	49741	104.21.16.1	192.168.2.4
Jan 13, 2025 01:01:42.745069027 CET	443	49741	104.21.16.1	192.168.2.4
Jan 13, 2025 01:01:42.745096922 CET	443	49741	104.21.16.1	192.168.2.4
Jan 13, 2025 01:01:42.745143890 CET	443	49741	104.21.16.1	192.168.2.4
Jan 13, 2025 01:01:42.745172024 CET	443	49741	104.21.16.1	192.168.2.4
Jan 13, 2025 01:01:42.745184898 CET	49741	443	192.168.2.4	104.21.16.1
Jan 13, 2025 01:01:42.745218992 CET	443	49741	104.21.16.1	192.168.2.4
Jan 13, 2025 01:01:42.745245934 CET	49741	443	192.168.2.4	104.21.16.1
Jan 13, 2025 01:01:42.745266914 CET	49741	443	192.168.2.4	104.21.16.1
Jan 13, 2025 01:01:42.795977116 CET	49741	443	192.168.2.4	104.21.16.1
Jan 13, 2025 01:01:42.830770016 CET	443	49741	104.21.16.1	192.168.2.4
Jan 13, 2025 01:01:42.830832005 CET	443	49741	104.21.16.1	192.168.2.4
Jan 13, 2025 01:01:42.830921888 CET	443	49741	104.21.16.1	192.168.2.4
Jan 13, 2025 01:01:42.830935955 CET	49741	443	192.168.2.4	104.21.16.1
Jan 13, 2025 01:01:42.830954075 CET	443	49741	104.21.16.1	192.168.2.4
Jan 13, 2025 01:01:42.830966949 CET	443	49741	104.21.16.1	192.168.2.4
Jan 13, 2025 01:01:42.830981970 CET	49741	443	192.168.2.4	104.21.16.1
Jan 13, 2025 01:01:42.831051111 CET	443	49741	104.21.16.1	192.168.2.4
Jan 13, 2025 01:01:42.831082106 CET	49741	443	192.168.2.4	104.21.16.1
Jan 13, 2025 01:01:42.831154108 CET	49741	443	192.168.2.4	104.21.16.1
Jan 13, 2025 01:01:42.857669115 CET	49741	443	192.168.2.4	104.21.16.1
Jan 13, 2025 01:01:42.857713938 CET	443	49741	104.21.16.1	192.168.2.4
Jan 13, 2025 01:01:43.074470997 CET	443	49742	35.190.80.1	192.168.2.4
Jan 13, 2025 01:01:43.104950905 CET	49742	443	192.168.2.4	35.190.80.1
Jan 13, 2025 01:01:43.104968071 CET	443	49742	35.190.80.1	192.168.2.4
Jan 13, 2025 01:01:43.108903885 CET	443	49742	35.190.80.1	192.168.2.4
Jan 13, 2025 01:01:43.109201908 CET	49742	443	192.168.2.4	35.190.80.1
Jan 13, 2025 01:01:43.296531916 CET	49742	443	192.168.2.4	35.190.80.1
Jan 13, 2025 01:01:43.296531916 CET	49742	443	192.168.2.4	35.190.80.1
Jan 13, 2025 01:01:43.296550035 CET	443	49742	35.190.80.1	192.168.2.4
Jan 13, 2025 01:01:43.296884060 CET	443	49742	35.190.80.1	192.168.2.4
Jan 13, 2025 01:01:43.308305025 CET	49744	443	192.168.2.4	104.21.16.1
Jan 13, 2025 01:01:43.308351040 CET	443	49744	104.21.16.1	192.168.2.4
Jan 13, 2025 01:01:43.308491945 CET	49744	443	192.168.2.4	104.21.16.1
Jan 13, 2025 01:01:43.309423923 CET	49744	443	192.168.2.4	104.21.16.1
Jan 13, 2025 01:01:43.309436083 CET	443	49744	104.21.16.1	192.168.2.4
Jan 13, 2025 01:01:43.345465899 CET	49742	443	192.168.2.4	35.190.80.1
Jan 13, 2025 01:01:43.345474005 CET	443	49742	35.190.80.1	192.168.2.4
Jan 13, 2025 01:01:43.389554977 CET	49742	443	192.168.2.4	35.190.80.1
Jan 13, 2025 01:01:43.418960094 CET	443	49742	35.190.80.1	192.168.2.4
Jan 13, 2025 01:01:43.419173956 CET	443	49742	35.190.80.1	192.168.2.4
Jan 13, 2025 01:01:43.419332981 CET	49742	443	192.168.2.4	35.190.80.1
Jan 13, 2025 01:01:43.427242041 CET	49742	443	192.168.2.4	35.190.80.1
Jan 13, 2025 01:01:43.427264929 CET	443	49742	35.190.80.1	192.168.2.4
Jan 13, 2025 01:01:43.427867889 CET	49745	443	192.168.2.4	35.190.80.1
Jan 13, 2025 01:01:43.427915096 CET	443	49745	35.190.80.1	192.168.2.4
Jan 13, 2025 01:01:43.427974939 CET	49745	443	192.168.2.4	35.190.80.1
Jan 13, 2025 01:01:43.428476095 CET	49745	443	192.168.2.4	35.190.80.1
Jan 13, 2025 01:01:43.428494930 CET	443	49745	35.190.80.1	192.168.2.4
Jan 13, 2025 01:01:43.765732050 CET	443	49744	104.21.16.1	192.168.2.4
Jan 13, 2025 01:01:43.812983036 CET	49744	443	192.168.2.4	104.21.16.1
Jan 13, 2025 01:01:43.841298103 CET	49744	443	192.168.2.4	104.21.16.1
Jan 13, 2025 01:01:43.841320992 CET	443	49744	104.21.16.1	192.168.2.4
Jan 13, 2025 01:01:43.842077017 CET	443	49744	104.21.16.1	192.168.2.4
Jan 13, 2025 01:01:43.844845057 CET	49744	443	192.168.2.4	104.21.16.1
Jan 13, 2025 01:01:43.844945908 CET	443	49744	104.21.16.1	192.168.2.4
Jan 13, 2025 01:01:43.845287085 CET	49744	443	192.168.2.4	104.21.16.1
Jan 13, 2025 01:01:43.887335062 CET	443	49744	104.21.16.1	192.168.2.4
Jan 13, 2025 01:01:43.887958050 CET	443	49745	35.190.80.1	192.168.2.4
Jan 13, 2025 01:01:43.891774893 CET	49745	443	192.168.2.4	35.190.80.1
Jan 13, 2025 01:01:43.891794920 CET	443	49745	35.190.80.1	192.168.2.4
Jan 13, 2025 01:01:43.892201900 CET	443	49745	35.190.80.1	192.168.2.4
Jan 13, 2025 01:01:43.893053055 CET	49745	443	192.168.2.4	35.190.80.1
Jan 13, 2025 01:01:43.893112898 CET	443	49745	35.190.80.1	192.168.2.4
Jan 13, 2025 01:01:43.893583059 CET	49745	443	192.168.2.4	35.190.80.1
Jan 13, 2025 01:01:43.935358047 CET	443	49745	35.190.80.1	192.168.2.4
Jan 13, 2025 01:01:43.941556931 CET	443	49744	104.21.16.1	192.168.2.4
Jan 13, 2025 01:01:43.941653013 CET	443	49744	104.21.16.1	192.168.2.4
Jan 13, 2025 01:01:43.941698074 CET	49744	443	192.168.2.4	104.21.16.1
Jan 13, 2025 01:01:43.954257965 CET	49744	443	192.168.2.4	104.21.16.1
Jan 13, 2025 01:01:43.954277039 CET	443	49744	104.21.16.1	192.168.2.4
Jan 13, 2025 01:01:43.975169897 CET	49746	443	192.168.2.4	104.21.16.1
Jan 13, 2025 01:01:43.975197077 CET	443	49746	104.21.16.1	192.168.2.4
Jan 13, 2025 01:01:43.975277901 CET	49746	443	192.168.2.4	104.21.16.1
Jan 13, 2025 01:01:43.975644112 CET	49746	443	192.168.2.4	104.21.16.1
Jan 13, 2025 01:01:43.975656033 CET	443	49746	104.21.16.1	192.168.2.4
Jan 13, 2025 01:01:44.019011021 CET	443	49745	35.190.80.1	192.168.2.4
Jan 13, 2025 01:01:44.019231081 CET	443	49745	35.190.80.1	192.168.2.4
Jan 13, 2025 01:01:44.019269943 CET	49745	443	192.168.2.4	35.190.80.1
Jan 13, 2025 01:01:44.019293070 CET	443	49745	35.190.80.1	192.168.2.4
Jan 13, 2025 01:01:44.019304037 CET	49745	443	192.168.2.4	35.190.80.1
Jan 13, 2025 01:01:44.019304037 CET	49745	443	192.168.2.4	35.190.80.1
Jan 13, 2025 01:01:44.019329071 CET	49745	443	192.168.2.4	35.190.80.1
Jan 13, 2025 01:01:44.062711000 CET	49747	443	192.168.2.4	104.21.48.1
Jan 13, 2025 01:01:44.062755108 CET	443	49747	104.21.48.1	192.168.2.4
Jan 13, 2025 01:01:44.062810898 CET	49747	443	192.168.2.4	104.21.48.1
Jan 13, 2025 01:01:44.063235044 CET	49747	443	192.168.2.4	104.21.48.1
Jan 13, 2025 01:01:44.063250065 CET	443	49747	104.21.48.1	192.168.2.4
Jan 13, 2025 01:01:44.465451956 CET	443	49746	104.21.16.1	192.168.2.4
Jan 13, 2025 01:01:44.465857983 CET	49746	443	192.168.2.4	104.21.16.1
Jan 13, 2025 01:01:44.465883017 CET	443	49746	104.21.16.1	192.168.2.4
Jan 13, 2025 01:01:44.466197968 CET	443	49746	104.21.16.1	192.168.2.4
Jan 13, 2025 01:01:44.466677904 CET	49746	443	192.168.2.4	104.21.16.1
Jan 13, 2025 01:01:44.466737986 CET	443	49746	104.21.16.1	192.168.2.4
Jan 13, 2025 01:01:44.466986895 CET	49746	443	192.168.2.4	104.21.16.1
Jan 13, 2025 01:01:44.507323980 CET	443	49746	104.21.16.1	192.168.2.4
Jan 13, 2025 01:01:44.547141075 CET	443	49747	104.21.48.1	192.168.2.4
Jan 13, 2025 01:01:44.547739983 CET	49747	443	192.168.2.4	104.21.48.1
Jan 13, 2025 01:01:44.547759056 CET	443	49747	104.21.48.1	192.168.2.4
Jan 13, 2025 01:01:44.549190044 CET	443	49747	104.21.48.1	192.168.2.4
Jan 13, 2025 01:01:44.549251080 CET	49747	443	192.168.2.4	104.21.48.1
Jan 13, 2025 01:01:44.550039053 CET	49747	443	192.168.2.4	104.21.48.1
Jan 13, 2025 01:01:44.550111055 CET	443	49747	104.21.48.1	192.168.2.4
Jan 13, 2025 01:01:44.550293922 CET	49747	443	192.168.2.4	104.21.48.1
Jan 13, 2025 01:01:44.550302982 CET	443	49747	104.21.48.1	192.168.2.4
Jan 13, 2025 01:01:44.591383934 CET	49747	443	192.168.2.4	104.21.48.1
Jan 13, 2025 01:01:44.676789999 CET	443	49747	104.21.48.1	192.168.2.4
Jan 13, 2025 01:01:44.676857948 CET	443	49747	104.21.48.1	192.168.2.4
Jan 13, 2025 01:01:44.676958084 CET	49747	443	192.168.2.4	104.21.48.1
Jan 13, 2025 01:01:44.678858042 CET	49747	443	192.168.2.4	104.21.48.1
Jan 13, 2025 01:01:44.678884029 CET	443	49747	104.21.48.1	192.168.2.4
Jan 13, 2025 01:01:44.864341021 CET	443	49746	104.21.16.1	192.168.2.4
Jan 13, 2025 01:01:44.864530087 CET	443	49746	104.21.16.1	192.168.2.4
Jan 13, 2025 01:01:44.864607096 CET	49746	443	192.168.2.4	104.21.16.1
Jan 13, 2025 01:01:44.866041899 CET	49746	443	192.168.2.4	104.21.16.1
Jan 13, 2025 01:01:44.866065979 CET	443	49746	104.21.16.1	192.168.2.4
Jan 13, 2025 01:01:44.873822927 CET	49748	443	192.168.2.4	104.21.48.1
Jan 13, 2025 01:01:44.873948097 CET	443	49748	104.21.48.1	192.168.2.4
Jan 13, 2025 01:01:44.874036074 CET	49748	443	192.168.2.4	104.21.48.1
Jan 13, 2025 01:01:44.874310017 CET	49748	443	192.168.2.4	104.21.48.1
Jan 13, 2025 01:01:44.874352932 CET	443	49748	104.21.48.1	192.168.2.4
Jan 13, 2025 01:01:45.328955889 CET	443	49748	104.21.48.1	192.168.2.4
Jan 13, 2025 01:01:45.329483986 CET	49748	443	192.168.2.4	104.21.48.1
Jan 13, 2025 01:01:45.329520941 CET	443	49748	104.21.48.1	192.168.2.4
Jan 13, 2025 01:01:45.329818964 CET	443	49748	104.21.48.1	192.168.2.4
Jan 13, 2025 01:01:45.331058025 CET	49748	443	192.168.2.4	104.21.48.1
Jan 13, 2025 01:01:45.331145048 CET	443	49748	104.21.48.1	192.168.2.4
Jan 13, 2025 01:01:45.331465960 CET	49748	443	192.168.2.4	104.21.48.1
Jan 13, 2025 01:01:45.375338078 CET	443	49748	104.21.48.1	192.168.2.4
Jan 13, 2025 01:01:45.614703894 CET	443	49748	104.21.48.1	192.168.2.4
Jan 13, 2025 01:01:45.614897013 CET	443	49748	104.21.48.1	192.168.2.4
Jan 13, 2025 01:01:45.614990950 CET	49748	443	192.168.2.4	104.21.48.1
Jan 13, 2025 01:01:45.775224924 CET	49748	443	192.168.2.4	104.21.48.1
Jan 13, 2025 01:01:45.775274992 CET	443	49748	104.21.48.1	192.168.2.4
Jan 13, 2025 01:01:51.214834929 CET	443	49738	142.250.181.228	192.168.2.4
Jan 13, 2025 01:01:51.214926958 CET	443	49738	142.250.181.228	192.168.2.4
Jan 13, 2025 01:01:51.214979887 CET	49738	443	192.168.2.4	142.250.181.228
Jan 13, 2025 01:01:53.119858980 CET	80	49723	84.201.210.39	192.168.2.4
Jan 13, 2025 01:01:53.121748924 CET	49723	80	192.168.2.4	84.201.210.39
Jan 13, 2025 01:01:53.127585888 CET	49723	80	192.168.2.4	84.201.210.39
Jan 13, 2025 01:01:53.130894899 CET	49738	443	192.168.2.4	142.250.181.228
Jan 13, 2025 01:01:53.130987883 CET	443	49738	142.250.181.228	192.168.2.4
Jan 13, 2025 01:01:53.132436991 CET	80	49723	84.201.210.39	192.168.2.4
Jan 13, 2025 01:02:40.686925888 CET	49814	443	192.168.2.4	142.250.181.228
Jan 13, 2025 01:02:40.686968088 CET	443	49814	142.250.181.228	192.168.2.4
Jan 13, 2025 01:02:40.687062979 CET	49814	443	192.168.2.4	142.250.181.228
Jan 13, 2025 01:02:40.687362909 CET	49814	443	192.168.2.4	142.250.181.228
Jan 13, 2025 01:02:40.687377930 CET	443	49814	142.250.181.228	192.168.2.4
Jan 13, 2025 01:02:41.326056957 CET	443	49814	142.250.181.228	192.168.2.4
Jan 13, 2025 01:02:41.326375961 CET	49814	443	192.168.2.4	142.250.181.228
Jan 13, 2025 01:02:41.326402903 CET	443	49814	142.250.181.228	192.168.2.4
Jan 13, 2025 01:02:41.326950073 CET	443	49814	142.250.181.228	192.168.2.4
Jan 13, 2025 01:02:41.327286959 CET	49814	443	192.168.2.4	142.250.181.228
Jan 13, 2025 01:02:41.327380896 CET	443	49814	142.250.181.228	192.168.2.4
Jan 13, 2025 01:02:41.372180939 CET	49814	443	192.168.2.4	142.250.181.228
Jan 13, 2025 01:02:42.273214102 CET	49724	80	192.168.2.4	2.22.50.131
Jan 13, 2025 01:02:42.278245926 CET	80	49724	2.22.50.131	192.168.2.4
Jan 13, 2025 01:02:42.278364897 CET	49724	80	192.168.2.4	2.22.50.131
Jan 13, 2025 01:02:51.320946932 CET	443	49814	142.250.181.228	192.168.2.4
Jan 13, 2025 01:02:51.321094990 CET	443	49814	142.250.181.228	192.168.2.4
Jan 13, 2025 01:02:51.321154118 CET	49814	443	192.168.2.4	142.250.181.228
Jan 13, 2025 01:02:53.105681896 CET	49814	443	192.168.2.4	142.250.181.228
Jan 13, 2025 01:02:53.105711937 CET	443	49814	142.250.181.228	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 13, 2025 01:01:36.587934971 CET	53	53131	1.1.1.1	192.168.2.4
Jan 13, 2025 01:01:36.703145981 CET	53	60969	1.1.1.1	192.168.2.4
Jan 13, 2025 01:01:37.678414106 CET	53	55812	1.1.1.1	192.168.2.4
Jan 13, 2025 01:01:40.634608984 CET	56023	53	192.168.2.4	1.1.1.1
Jan 13, 2025 01:01:40.634948015 CET	57919	53	192.168.2.4	1.1.1.1
Jan 13, 2025 01:01:40.641551018 CET	53	56023	1.1.1.1	192.168.2.4
Jan 13, 2025 01:01:40.641793013 CET	53	57919	1.1.1.1	192.168.2.4
Jan 13, 2025 01:01:41.943856001 CET	53143	53	192.168.2.4	1.1.1.1
Jan 13, 2025 01:01:41.944766998 CET	62029	53	192.168.2.4	1.1.1.1
Jan 13, 2025 01:01:41.955409050 CET	53	53143	1.1.1.1	192.168.2.4
Jan 13, 2025 01:01:41.978172064 CET	53	62029	1.1.1.1	192.168.2.4
Jan 13, 2025 01:01:42.584274054 CET	52485	53	192.168.2.4	1.1.1.1
Jan 13, 2025 01:01:42.584737062 CET	62277	53	192.168.2.4	1.1.1.1
Jan 13, 2025 01:01:42.591006041 CET	53	52485	1.1.1.1	192.168.2.4
Jan 13, 2025 01:01:42.591253042 CET	53	62277	1.1.1.1	192.168.2.4
Jan 13, 2025 01:01:44.007957935 CET	54868	53	192.168.2.4	1.1.1.1
Jan 13, 2025 01:01:44.008361101 CET	60368	53	192.168.2.4	1.1.1.1
Jan 13, 2025 01:01:44.042922020 CET	53	54868	1.1.1.1	192.168.2.4
Jan 13, 2025 01:01:44.070940971 CET	53	60368	1.1.1.1	192.168.2.4
Jan 13, 2025 01:01:53.833722115 CET	138	138	192.168.2.4	192.168.2.255
Jan 13, 2025 01:01:54.706089020 CET	53	61274	1.1.1.1	192.168.2.4
Jan 13, 2025 01:02:13.414136887 CET	53	63399	1.1.1.1	192.168.2.4
Jan 13, 2025 01:02:36.444008112 CET	53	57004	1.1.1.1	192.168.2.4
Jan 13, 2025 01:02:36.444977045 CET	53	63416	1.1.1.1	192.168.2.4
Jan 13, 2025 01:03:07.005537987 CET	53	61529	1.1.1.1	192.168.2.4

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Jan 13, 2025 01:01:44.071018934 CET	192.168.2.4	1.1.1.1	c2df	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 13, 2025 01:01:40.634608984 CET	192.168.2.4	1.1.1.1	0x4793	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:01:40.634948015 CET	192.168.2.4	1.1.1.1	0x758a	Standard query (0)	www.google.com	65	IN (0x0001)	false
Jan 13, 2025 01:01:41.943856001 CET	192.168.2.4	1.1.1.1	0x6988	Standard query (0)	reserves-page.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:01:41.944766998 CET	192.168.2.4	1.1.1.1	0xa100	Standard query (0)	reserves-page.com	65	IN (0x0001)	false
Jan 13, 2025 01:01:42.584274054 CET	192.168.2.4	1.1.1.1	0x5971	Standard query (0)	a.nel.cloudflare.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:01:42.584737062 CET	192.168.2.4	1.1.1.1	0x329c	Standard query (0)	a.nel.cloudflare.com	65	IN (0x0001)	false
Jan 13, 2025 01:01:44.007957935 CET	192.168.2.4	1.1.1.1	0x3dfc	Standard query (0)	reserves-page.com	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:01:44.008361101 CET	192.168.2.4	1.1.1.1	0x78d3	Standard query (0)	reserves-page.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jan 13, 2025 01:01:40.641551018 CET	1.1.1.1	192.168.2.4	0x4793	No error (0)	www.google.com		142.250.181.228	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:01:40.641793013 CET	1.1.1.1	192.168.2.4	0x758a	No error (0)	www.google.com			65	IN (0x0001)	false
Jan 13, 2025 01:01:41.955409050 CET	1.1.1.1	192.168.2.4	0x6988	No error (0)	reserves-page.com		104.21.16.1	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:01:41.955409050 CET	1.1.1.1	192.168.2.4	0x6988	No error (0)	reserves-page.com		104.21.96.1	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:01:41.955409050 CET	1.1.1.1	192.168.2.4	0x6988	No error (0)	reserves-page.com		104.21.64.1	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:01:41.955409050 CET	1.1.1.1	192.168.2.4	0x6988	No error (0)	reserves-page.com		104.21.48.1	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:01:41.955409050 CET	1.1.1.1	192.168.2.4	0x6988	No error (0)	reserves-page.com		104.21.112.1	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:01:41.955409050 CET	1.1.1.1	192.168.2.4	0x6988	No error (0)	reserves-page.com		104.21.32.1	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:01:41.955409050 CET	1.1.1.1	192.168.2.4	0x6988	No error (0)	reserves-page.com		104.21.80.1	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:01:41.978172064 CET	1.1.1.1	192.168.2.4	0xa100	No error (0)	reserves-page.com			65	IN (0x0001)	false
Jan 13, 2025 01:01:42.591006041 CET	1.1.1.1	192.168.2.4	0x5971	No error (0)	a.nel.cloudflare.com		35.190.80.1	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:01:44.042922020 CET	1.1.1.1	192.168.2.4	0x3dfc	No error (0)	reserves-page.com		104.21.48.1	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:01:44.042922020 CET	1.1.1.1	192.168.2.4	0x3dfc	No error (0)	reserves-page.com		104.21.96.1	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:01:44.042922020 CET	1.1.1.1	192.168.2.4	0x3dfc	No error (0)	reserves-page.com		104.21.80.1	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:01:44.042922020 CET	1.1.1.1	192.168.2.4	0x3dfc	No error (0)	reserves-page.com		104.21.16.1	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:01:44.042922020 CET	1.1.1.1	192.168.2.4	0x3dfc	No error (0)	reserves-page.com		104.21.32.1	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:01:44.042922020 CET	1.1.1.1	192.168.2.4	0x3dfc	No error (0)	reserves-page.com		104.21.64.1	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:01:44.042922020 CET	1.1.1.1	192.168.2.4	0x3dfc	No error (0)	reserves-page.com		104.21.112.1	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:01:44.070940971 CET	1.1.1.1	192.168.2.4	0x78d3	No error (0)	reserves-page.com			65	IN (0x0001)	false
Jan 13, 2025 01:01:50.096584082 CET	1.1.1.1	192.168.2.4	0xd9bc	No error (0)	bg.microsoft.map.fastly.net		199.232.214.172	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:01:50.096584082 CET	1.1.1.1	192.168.2.4	0xd9bc	No error (0)	bg.microsoft.map.fastly.net		199.232.210.172	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:01:51.590706110 CET	1.1.1.1	192.168.2.4	0xb513	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 13, 2025 01:01:51.590706110 CET	1.1.1.1	192.168.2.4	0xb513	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:02:03.724633932 CET	1.1.1.1	192.168.2.4	0xdaf1	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 13, 2025 01:02:03.724633932 CET	1.1.1.1	192.168.2.4	0xdaf1	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:02:28.490416050 CET	1.1.1.1	192.168.2.4	0x1bc6	No error (0)	fp2e7a.wpc.2be4.phicdn.net	fp2e7a.wpc.phicdn.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 13, 2025 01:02:28.490416050 CET	1.1.1.1	192.168.2.4	0x1bc6	No error (0)	fp2e7a.wpc.phicdn.net		192.229.221.95	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:02:30.791662931 CET	1.1.1.1	192.168.2.4	0xc80f	No error (0)	shed.dual-low.s-part-0017.t-0009.t-msedge.net	s-part-0017.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 13, 2025 01:02:30.791662931 CET	1.1.1.1	192.168.2.4	0xc80f	No error (0)	s-part-0017.t-0009.t-msedge.net		13.107.246.45	A (IP address)	IN (0x0001)	false
Jan 13, 2025 01:02:49.521291018 CET	1.1.1.1	192.168.2.4	0xa987	No error (0)	shed.dual-low.s-part-0017.t-0009.t-msedge.net	s-part-0017.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 13, 2025 01:02:49.521291018 CET	1.1.1.1	192.168.2.4	0xa987	No error (0)	s-part-0017.t-0009.t-msedge.net		13.107.246.45	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

reserves-page.com

https:

a.nel.cloudflare.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49740	104.21.16.1	443	3940	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-13 00:01:42 UTC	668	OUT	GET /evquyjaw HTTP/1.1 Host: reserves-page.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-13 00:01:42 UTC	562	IN	HTTP/1.1 403 Forbidden Date: Mon, 13 Jan 2025 00:01:42 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close X-Frame-Options: SAMEORIGIN Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4cw%2FiHr0XuECvea98csnAqPrFuFn99lGeepsU6BPTSomwHWxl%2FzdH%2BZYp5xo1EthJedJogRhvVyCkBOJZoJOZizNAMESrYpttUBA5g31cT1dMGAsSEFXj4a4IX1w%2B6PD5OKhTA%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 90111d00dd5d0fa8-EWR
2025-01-13 00:01:42 UTC	807	IN	Data Raw: 31 31 63 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 Data Ascii: 11c9<!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if
2025-01-13 00:01:42 UTC	1369	IN	Data Raw: 63 67 69 2f 73 74 79 6c 65 73 2f 63 66 2e 65 72 72 6f 72 73 2e 69 65 2e 63 73 73 22 20 2f 3e 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 73 74 79 6c 65 3e 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 3c 2f 73 74 79 6c 65 3e 0a 0a 0a 3c 21 2d 2d 5b 69 66 20 67 74 65 20 49 45 20 31 30 5d 3e 3c 21 2d 2d 3e 0a 3c 73 63 72 69 70 74 3e 0a 20 20 69 66 20 28 21 6e 61 76 69 67 61 74 6f 72 2e 63 6f 6f 6b 69 65 45 6e 61 62 6c 65 64 29 20 7b 0a 20 20 20 20 77 69 6e 64 6f 77 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 28 27 44 4f 4d 43 6f 6e 74 65 6e 74 4c 6f 61 64 65 64 27 2c 20 66 75 6e 63 74 69 6f 6e 20 28 29 20 7b 0a 20 20 20 20 20 20 76 61 72 20 63 6f 6f 6b 69 65 45 6c 20 3d 20 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e Data Ascii: cgi/styles/cf.errors.ie.css" /><![endif]--><style>body{margin:0;padding:0}</style>...[if gte IE 10]>...><script> if (!navigator.cookieEnabled) { window.addEventListener('DOMContentLoaded', function () { var cookieEl = document.getElemen
2025-01-13 00:01:42 UTC	1369	IN	Data Raw: 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 63 6c 6f 75 64 66 6c 61 72 65 2e 63 6f 6d 2f 6c 65 61 72 6e 69 6e 67 2f 61 63 63 65 73 73 2d 6d 61 6e 61 67 65 6d 65 6e 74 2f 70 68 69 73 68 69 6e 67 2d 61 74 74 61 63 6b 2f 22 20 63 6c 61 73 73 3d 22 63 66 2d 62 74 6e 22 20 73 74 79 6c 65 3d 22 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 34 30 34 30 34 30 3b 20 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 20 62 6f 72 64 65 72 3a 20 30 3b 22 3e 4c 65 61 72 6e 20 4d 6f 72 65 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 66 6f 72 6d 20 Data Ascii: <a href="https://www.cloudflare.com/learning/access-management/phishing-attack/" class="cf-btn" style="background-color: #404040; color: #fff; border: 0;">Learn More</a> <form
2025-01-13 00:01:42 UTC	1016	IN	Data Raw: 65 61 6c 22 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 2d 72 65 76 65 61 6c 2d 62 74 6e 22 3e 43 6c 69 63 6b 20 74 6f 20 72 65 76 65 61 6c 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 68 69 64 64 65 6e 22 20 69 64 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 70 22 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 73 65 70 61 72 61 74 6f 72 20 73 6d 3a 68 69 64 64 65 6e 22 3e 26 62 75 6c 6c 3b 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 2f 73 70 61 6e 3e 0a 20 20 20 20 3c 73 70 61 6e 20 63 6c 61 73 73 3d 22 63 66 2d 66 6f 6f 74 65 72 2d 69 74 65 6d 20 73 6d 3a 62 6c 6f 63 6b 20 73 6d 3a 6d 62 2d 31 22 3e 3c 73 Data Ascii: eal" class="cf-footer-ip-reveal-btn">Click to reveal</button> <span class="hidden" id="cf-footer-ip">8.46.123.189</span> <span class="cf-footer-separator sm:hidden">•</span> </span> <span class="cf-footer-item sm:block sm:mb-1"><s
2025-01-13 00:01:42 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49741	104.21.16.1	443	3940	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-13 00:01:42 UTC	569	OUT	GET /cdn-cgi/styles/cf.errors.css HTTP/1.1 Host: reserves-page.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://reserves-page.com/evquyjaw Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-13 00:01:42 UTC	411	IN	HTTP/1.1 200 OK Date: Mon, 13 Jan 2025 00:01:42 GMT Content-Type: text/css Content-Length: 24051 Connection: close Last-Modified: Tue, 07 Jan 2025 14:31:40 GMT ETag: "677d3acc-5df3" Server: cloudflare CF-RAY: 90111d01de860fa8-EWR X-Frame-Options: DENY X-Content-Type-Options: nosniff Expires: Mon, 13 Jan 2025 02:01:42 GMT Cache-Control: max-age=7200 Cache-Control: public Accept-Ranges: bytes
2025-01-13 00:01:42 UTC	958	IN	Data Raw: 23 63 66 2d 77 72 61 70 70 65 72 20 61 2c 23 63 66 2d 77 72 61 70 70 65 72 20 61 62 62 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 61 72 74 69 63 6c 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 61 73 69 64 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 62 2c 23 63 66 2d 77 72 61 70 70 65 72 20 62 69 67 2c 23 63 66 2d 77 72 61 70 70 65 72 20 62 6c 6f 63 6b 71 75 6f 74 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 62 6f 64 79 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 61 6e 76 61 73 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 61 70 74 69 6f 6e 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 65 6e 74 65 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 69 74 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 63 6f 64 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 64 64 2c 23 63 66 2d 77 72 61 70 70 Data Ascii: #cf-wrapper a,#cf-wrapper abbr,#cf-wrapper article,#cf-wrapper aside,#cf-wrapper b,#cf-wrapper big,#cf-wrapper blockquote,#cf-wrapper body,#cf-wrapper canvas,#cf-wrapper caption,#cf-wrapper center,#cf-wrapper cite,#cf-wrapper code,#cf-wrapper dd,#cf-wrapp
2025-01-13 00:01:42 UTC	1369	IN	Data Raw: 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 74 72 6f 6e 67 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 75 62 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 75 6d 6d 61 72 79 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 75 70 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 61 62 6c 65 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 62 6f 64 79 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 64 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 66 6f 6f 74 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 68 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 68 65 61 64 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 74 2c 23 63 66 2d 77 72 61 70 70 65 72 20 75 2c 23 63 66 2d 77 72 61 70 70 65 72 20 75 6c 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 3b 62 6f Data Ascii: e,#cf-wrapper strong,#cf-wrapper sub,#cf-wrapper summary,#cf-wrapper sup,#cf-wrapper table,#cf-wrapper tbody,#cf-wrapper td,#cf-wrapper tfoot,#cf-wrapper th,#cf-wrapper thead,#cf-wrapper tr,#cf-wrapper tt,#cf-wrapper u,#cf-wrapper ul{margin:0;padding:0;bo
2025-01-13 00:01:42 UTC	1369	IN	Data Raw: 31 2e 35 21 69 6d 70 6f 72 74 61 6e 74 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 21 69 6d 70 6f 72 74 61 6e 74 3b 6c 65 74 74 65 72 2d 73 70 61 63 69 6e 67 3a 6e 6f 72 6d 61 6c 3b 2d 77 65 62 6b 69 74 2d 74 61 70 2d 68 69 67 68 6c 69 67 68 74 2d 63 6f 6c 6f 72 3a 72 67 62 61 28 32 34 36 2c 31 33 39 2c 33 31 2c 2e 33 29 3b 2d 77 65 62 6b 69 74 2d 66 6f 6e 74 2d 73 6d 6f 6f 74 68 69 6e 67 3a 61 6e 74 69 61 6c 69 61 73 65 64 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 73 65 63 74 69 6f 6e 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 65 63 74 69 6f 6e 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 30 20 30 3b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 32 65 6d 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 65 6d Data Ascii: 1.5!important;text-decoration:none!important;letter-spacing:normal;-webkit-tap-highlight-color:rgba(246,139,31,.3);-webkit-font-smoothing:antialiased}#cf-wrapper .cf-section,#cf-wrapper section{background:0 0;display:block;margin-bottom:2em;margin-top:2em
2025-01-13 00:01:42 UTC	1369	IN	Data Raw: 6c 64 28 32 6e 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 63 6f 6c 73 2d 34 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 6e 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 66 6f 75 72 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 6e 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 74 77 6f 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 32 6e 29 7b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 32 32 2e 35 70 78 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 30 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 63 6f 6c 73 2d 32 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 Data Ascii: ld(2n),#cf-wrapper .cf-columns.cols-4>.cf-column:nth-child(2n),#cf-wrapper .cf-columns.four>.cf-column:nth-child(2n),#cf-wrapper .cf-columns.two>.cf-column:nth-child(2n){padding-left:22.5px;padding-right:0}#cf-wrapper .cf-columns.cols-2>.cf-column:nth-chi
2025-01-13 00:01:42 UTC	1369	IN	Data Raw: 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 66 6f 75 72 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 6f 64 64 29 7b 63 6c 65 61 72 3a 6e 6f 6e 65 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 63 6f 6c 73 2d 34 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 66 69 72 73 74 2d 63 68 69 6c 64 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 63 6f 6c 73 2d 34 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 6e 74 68 2d 63 68 69 6c 64 28 34 6e 2b 31 29 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 2e 66 6f 75 72 3e 2e 63 66 2d 63 6f 6c 75 6d 6e 3a 66 69 72 73 74 2d 63 68 69 6c 64 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 63 6f 6c 75 6d 6e 73 Data Ascii: ),#cf-wrapper .cf-columns.four>.cf-column:nth-child(odd){clear:none}#cf-wrapper .cf-columns.cols-4>.cf-column:first-child,#cf-wrapper .cf-columns.cols-4>.cf-column:nth-child(4n+1),#cf-wrapper .cf-columns.four>.cf-column:first-child,#cf-wrapper .cf-columns
2025-01-13 00:01:42 UTC	1369	IN	Data Raw: 30 3b 70 61 64 64 69 6e 67 3a 30 7d 23 63 66 2d 77 72 61 70 70 65 72 20 68 31 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 32 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 33 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 7d 23 63 66 2d 77 72 61 70 70 65 72 20 68 34 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 35 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 36 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 74 72 6f 6e 67 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 36 30 30 7d 23 63 66 2d 77 72 61 70 70 65 72 20 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 33 36 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 32 7d 23 63 66 2d 77 72 61 70 70 65 72 20 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 33 30 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 33 7d 23 63 66 2d 77 72 61 70 70 65 Data Ascii: 0;padding:0}#cf-wrapper h1,#cf-wrapper h2,#cf-wrapper h3{font-weight:400}#cf-wrapper h4,#cf-wrapper h5,#cf-wrapper h6,#cf-wrapper strong{font-weight:600}#cf-wrapper h1{font-size:36px;line-height:1.2}#cf-wrapper h2{font-size:30px;line-height:1.3}#cf-wrappe
2025-01-13 00:01:42 UTC	1369	IN	Data Raw: 68 32 2b 68 34 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 32 2b 68 35 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 32 2b 68 36 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 33 2b 68 35 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 33 2b 68 36 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 33 2b 70 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 34 2b 70 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 35 2b 6f 6c 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 35 2b 70 2c 23 63 66 2d 77 72 61 70 70 65 72 20 68 35 2b 75 6c 7b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2e 35 65 6d 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 39 39 39 3b 63 6f 6c Data Ascii: h2+h4,#cf-wrapper h2+h5,#cf-wrapper h2+h6,#cf-wrapper h3+h5,#cf-wrapper h3+h6,#cf-wrapper h3+p,#cf-wrapper h4+p,#cf-wrapper h5+ol,#cf-wrapper h5+p,#cf-wrapper h5+ul{margin-top:.5em}#cf-wrapper .cf-btn{background-color:transparent;border:1px solid #999;col
2025-01-13 00:01:42 UTC	1369	IN	Data Raw: 3a 23 36 32 61 31 64 38 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 31 36 33 39 35 39 3b 63 6f 6c 6f 72 3a 23 66 66 66 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 65 72 72 6f 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 69 6d 70 6f 72 74 61 6e 74 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 62 64 32 34 32 36 3b 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 3b 63 6f 6c 6f 72 3a 23 66 66 66 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 64 61 6e 67 65 72 3a 68 6f 76 65 72 2c 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 62 74 6e 2d 65 72 72 6f 72 3a 68 6f 76 65 72 2c 23 Data Ascii: :#62a1d8;border:1px solid #163959;color:#fff}#cf-wrapper .cf-btn-danger,#cf-wrapper .cf-btn-error,#cf-wrapper .cf-btn-important{background-color:#bd2426;border-color:transparent;color:#fff}#cf-wrapper .cf-btn-danger:hover,#cf-wrapper .cf-btn-error:hover,#
2025-01-13 00:01:42 UTC	1369	IN	Data Raw: 61 63 65 3a 6e 6f 77 72 61 70 7d 23 63 66 2d 77 72 61 70 70 65 72 20 69 6e 70 75 74 2c 23 63 66 2d 77 72 61 70 70 65 72 20 73 65 6c 65 63 74 2c 23 63 66 2d 77 72 61 70 70 65 72 20 74 65 78 74 61 72 65 61 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 21 69 6d 70 6f 72 74 61 6e 74 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 39 39 39 21 69 6d 70 6f 72 74 61 6e 74 3b 63 6f 6c 6f 72 3a 23 34 30 34 30 34 30 21 69 6d 70 6f 72 74 61 6e 74 3b 66 6f 6e 74 2d 73 69 7a 65 3a 2e 38 36 36 36 37 65 6d 21 69 6d 70 6f 72 74 61 6e 74 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 2e 32 34 21 69 6d 70 6f 72 74 61 6e 74 3b 6d 61 72 67 69 6e 3a 30 20 30 20 31 65 6d 21 69 6d 70 6f 72 74 61 6e 74 3b 6d 61 78 2d 77 69 64 74 68 3a 31 30 30 25 21 69 6d 70 6f 72 74 61 6e Data Ascii: ace:nowrap}#cf-wrapper input,#cf-wrapper select,#cf-wrapper textarea{background:#fff!important;border:1px solid #999!important;color:#404040!important;font-size:.86667em!important;line-height:1.24!important;margin:0 0 1em!important;max-width:100%!importan
2025-01-13 00:01:42 UTC	1369	IN	Data Raw: 3a 23 34 30 34 30 34 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 70 61 64 64 69 6e 67 3a 37 2e 35 70 78 20 31 35 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 6d 69 64 64 6c 65 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 32 70 78 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 61 6c 65 72 74 3a 65 6d 70 74 79 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 23 63 66 2d 77 72 61 70 70 65 72 20 2e 63 66 2d 61 6c 65 72 74 20 2e 63 66 2d 63 6c 6f 73 65 7b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 63 6f 6c 6f 72 3a 69 6e 68 65 72 69 74 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 38 2e 37 35 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 3b 70 61 64 64 69 6e Data Ascii: :#404040;font-size:13px;padding:7.5px 15px;position:relative;vertical-align:middle;border-radius:2px}#cf-wrapper .cf-alert:empty{display:none}#cf-wrapper .cf-alert .cf-close{border:1px solid transparent;color:inherit;font-size:18.75px;line-height:1;paddin

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49742	35.190.80.1	443	3940	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-13 00:01:43 UTC	546	OUT	OPTIONS /report/v4?s=4cw%2FiHr0XuECvea98csnAqPrFuFn99lGeepsU6BPTSomwHWxl%2FzdH%2BZYp5xo1EthJedJogRhvVyCkBOJZoJOZizNAMESrYpttUBA5g31cT1dMGAsSEFXj4a4IX1w%2B6PD5OKhTA%3D%3D HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Origin: https://reserves-page.com Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-13 00:01:43 UTC	336	IN	HTTP/1.1 200 OK Content-Length: 0 access-control-max-age: 86400 access-control-allow-methods: OPTIONS, POST access-control-allow-origin: * access-control-allow-headers: content-length, content-type date: Mon, 13 Jan 2025 00:01:43 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49744	104.21.16.1	443	3940	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-13 00:01:43 UTC	653	OUT	GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1 Host: reserves-page.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://reserves-page.com/cdn-cgi/styles/cf.errors.css Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-13 00:01:43 UTC	409	IN	HTTP/1.1 200 OK Date: Mon, 13 Jan 2025 00:01:43 GMT Content-Type: image/png Content-Length: 452 Connection: close Last-Modified: Tue, 07 Jan 2025 14:31:40 GMT ETag: "677d3acc-1c4" Server: cloudflare CF-RAY: 90111d0959111899-EWR X-Frame-Options: DENY X-Content-Type-Options: nosniff Expires: Mon, 13 Jan 2025 02:01:43 GMT Cache-Control: max-age=7200 Cache-Control: public Accept-Ranges: bytes
2025-01-13 00:01:43 UTC	452	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 36 00 00 00 36 08 03 00 00 00 bb 9b 9a ef 00 00 00 33 50 4c 54 45 c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f ab b2 22 ed 00 00 00 11 74 52 4e 53 00 40 30 10 60 8f bf ff ef 7f af 9f df 20 50 cf 70 60 82 c8 9b 00 00 01 2f 49 44 41 54 78 01 bd d3 05 d2 b4 30 10 06 e1 8e 6c de c1 36 dc ff b2 9f 2b 95 c9 12 7e 79 4a 91 46 22 b8 c2 8b c8 80 94 6f 45 1f ac 4c 81 33 f2 ac 03 5b 1e 95 69 32 b5 94 6e 98 57 79 4a c4 91 8a 7a 26 9a 82 a9 af a4 46 95 f5 d0 1a fb 95 c7 62 bf b2 f2 e9 70 7e e3 a7 a0 df ee 7c 3a 74 35 f1 6d b3 b3 99 66 70 af 69 f2 2f 65 ef c7 fa 99 25 de 25 1b c9 b4 f0 6e d2 50 a6 ed fb 65 Data Ascii: PNGIHDR663PLTEE?E?E?E?E?E?E?E?E?E?E?E?E?E?E?E?E?"tRNS@0` Pp`/IDATx0l6+~yJF"oEL3[i2nWyJz&Fbp~\|:t5mfpi/e%%nPe

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49745	35.190.80.1	443	3940	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-13 00:01:43 UTC	486	OUT	POST /report/v4?s=4cw%2FiHr0XuECvea98csnAqPrFuFn99lGeepsU6BPTSomwHWxl%2FzdH%2BZYp5xo1EthJedJogRhvVyCkBOJZoJOZizNAMESrYpttUBA5g31cT1dMGAsSEFXj4a4IX1w%2B6PD5OKhTA%3D%3D HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Content-Length: 393 Content-Type: application/reports+json User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-13 00:01:43 UTC	393	OUT	Data Raw: 5b 7b 22 61 67 65 22 3a 31 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 35 39 33 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 74 74 70 2f 31 2e 31 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 31 30 34 2e 32 31 2e 31 36 2e 31 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 34 30 33 2c 22 74 79 70 65 22 3a 22 68 74 74 70 2e 65 72 72 6f 72 22 7d 2c 22 74 79 70 65 22 3a 22 6e 65 74 77 6f 72 6b 2d 65 72 72 6f 72 22 2c 22 75 72 6c 22 3a 22 68 74 74 70 73 3a 2f 2f 72 65 73 65 72 76 65 73 2d 70 61 67 65 2e 63 6f 6d 2f Data Ascii: [{"age":1,"body":{"elapsed_time":593,"method":"GET","phase":"application","protocol":"http/1.1","referrer":"","sampling_fraction":1.0,"server_ip":"104.21.16.1","status_code":403,"type":"http.error"},"type":"network-error","url":"https://reserves-page.com/
2025-01-13 00:01:44 UTC	168	IN	HTTP/1.1 200 OK Content-Length: 0 date: Mon, 13 Jan 2025 00:01:43 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49746	104.21.16.1	443	3940	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-13 00:01:44 UTC	598	OUT	GET /favicon.ico HTTP/1.1 Host: reserves-page.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://reserves-page.com/evquyjaw Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-13 00:01:44 UTC	983	IN	HTTP/1.1 200 OK Date: Mon, 13 Jan 2025 00:01:44 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: BYPASS Set-Cookie: PHPSESSID=d4h8bcg38mmeg2qi6op9kkb6sl; path=/ Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=W16dVconmIPP%2BcbRUnJ%2Fol3ieBrFdVM8a69ZtKzhn7uRhW1QS2d1q0qJQtIb5FzJKuWcCRIJxAtaf1KgMfEujWQy%2BOWZaEZGmpggX8hTTJ2aGmnYFQ6DkSyGZUzgmbXnarZzdQ%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 90111d0d8ea27293-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=2037&min_rtt=1969&rtt_var=787&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2844&recv_bytes=1176&delivery_rate=1482986&cwnd=158&unsent_bytes=0&cid=dde7273e0f68c29c&ts=406&x=0"
2025-01-13 00:01:44 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49747	104.21.48.1	443	3940	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-13 00:01:44 UTC	387	OUT	GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1 Host: reserves-page.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-13 00:01:44 UTC	409	IN	HTTP/1.1 200 OK Date: Mon, 13 Jan 2025 00:01:44 GMT Content-Type: image/png Content-Length: 452 Connection: close Last-Modified: Tue, 07 Jan 2025 14:31:40 GMT ETag: "677d3acc-1c4" Server: cloudflare CF-RAY: 90111d0de8548c15-EWR X-Frame-Options: DENY X-Content-Type-Options: nosniff Expires: Mon, 13 Jan 2025 02:01:44 GMT Cache-Control: max-age=7200 Cache-Control: public Accept-Ranges: bytes
2025-01-13 00:01:44 UTC	452	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 36 00 00 00 36 08 03 00 00 00 bb 9b 9a ef 00 00 00 33 50 4c 54 45 c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f c1 45 3f ab b2 22 ed 00 00 00 11 74 52 4e 53 00 40 30 10 60 8f bf ff ef 7f af 9f df 20 50 cf 70 60 82 c8 9b 00 00 01 2f 49 44 41 54 78 01 bd d3 05 d2 b4 30 10 06 e1 8e 6c de c1 36 dc ff b2 9f 2b 95 c9 12 7e 79 4a 91 46 22 b8 c2 8b c8 80 94 6f 45 1f ac 4c 81 33 f2 ac 03 5b 1e 95 69 32 b5 94 6e 98 57 79 4a c4 91 8a 7a 26 9a 82 a9 af a4 46 95 f5 d0 1a fb 95 c7 62 bf b2 f2 e9 70 7e e3 a7 a0 df ee 7c 3a 74 35 f1 6d b3 b3 99 66 70 af 69 f2 2f 65 ef c7 fa 99 25 de 25 1b c9 b4 f0 6e d2 50 a6 ed fb 65 Data Ascii: PNGIHDR663PLTEE?E?E?E?E?E?E?E?E?E?E?E?E?E?E?E?E?"tRNS@0` Pp`/IDATx0l6+~yJF"oEL3[i2nWyJz&Fbp~\|:t5mfpi/e%%nPe

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49748	104.21.48.1	443	3940	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-13 00:01:45 UTC	398	OUT	GET /favicon.ico HTTP/1.1 Host: reserves-page.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=d4h8bcg38mmeg2qi6op9kkb6sl
2025-01-13 00:01:45 UTC	926	IN	HTTP/1.1 200 OK Date: Mon, 13 Jan 2025 00:01:45 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: close Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache CF-Cache-Status: BYPASS Accept-Ranges: bytes Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gopDJgfCWoVxqhaXxiNyh9dZd4gBtoNaaO%2FBlG3BVFkf%2FFbgpHjtv7F6%2BnAzEDn0TZ1uz9PrSMd1iXGaoRgBlTt40Utim5qg801VV7fVdZ8EFXUEvTgX83GWE0gkddD3MLR%2BFg%3D%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 90111d12c9eb42e9-EWR alt-svc: h3=":443"; ma=86400 server-timing: cfL4;desc="?proto=TCP&rtt=1759&min_rtt=1755&rtt_var=667&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2844&recv_bytes=976&delivery_rate=1629464&cwnd=240&unsent_bytes=0&cid=dc830a893365e23e&ts=290&x=0"
2025-01-13 00:01:45 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Target ID:	0
Start time:	19:01:31
Start date:	12/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	19:01:35
Start date:	12/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 --field-trial-handle=2220,i,7323484820742791513,8664641761319744248,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	3
Start time:	19:01:41
Start date:	12/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://reserves-page.com/evquyjaw"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Source: https://reserves-page.com/favicon.ico	Avira URL Cloud: Label: phishing
Source: https://reserves-page.com/cdn-cgi/images/icon-exclamation.png?1376755637	Avira URL Cloud: Label: phishing
Source: https://reserves-page.com/cdn-cgi/styles/cf.errors.css	Avira URL Cloud: Label: phishing

Source: Yara match	File source: 1.0.pages.csv, type: HTML
Source: Yara match	File source: 1.1.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_43, type: DROPPED

Source: https://reserves-page.com/evquyjaw	HTTP Parser: No favicon
Source: https://reserves-page.com/evquyjaw	HTTP Parser: No favicon

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Source: unknown	TCP traffic detected without corresponding DNS query: 2.22.50.131
Source: unknown	TCP traffic detected without corresponding DNS query: 2.22.50.131
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /evquyjaw HTTP/1.1Host: reserves-page.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/styles/cf.errors.css HTTP/1.1Host: reserves-page.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://reserves-page.com/evquyjawAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1Host: reserves-page.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://reserves-page.com/cdn-cgi/styles/cf.errors.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: reserves-page.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://reserves-page.com/evquyjawAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/images/icon-exclamation.png?1376755637 HTTP/1.1Host: reserves-page.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: reserves-page.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=d4h8bcg38mmeg2qi6op9kkb6sl

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: reserves-page.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://reserves-page.com/evquyjaw

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Dropped Files

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 43

Chrome Cache Entry: 44

Chrome Cache Entry: 45

Chrome Cache Entry: 46

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 3704, Parent PID: 6108

General

Chronological Activities

Analysis Process: chrome.exePID: 3940, Parent PID: 3704

General

Chronological Activities

Analysis Process: chrome.exePID: 6892, Parent PID: 6108

Windows Analysis Report
https://reserves-page.com/evquyjaw